Nokia Website Warning!!!!!!

iPodlover

Just a heads up to anyone clicking on Nokia's N8 website. I'm relatively certain they have a cross-site scripting attack they are not aware of. This is what happened to me. I was researching the specs for my new toy using Google and I clicked the 2nd or 3rd link and my laptop went nuts. Before I knew it some whacko website had downloaded a Java file and it attempted to open a PDF file in my Opera cache. Lucky for me ESET caught it, but it's a tenacious biatch: the Java file tried to launch Java repeatedly, which in turn was trying to load a malicious PDF.

This is the site that tried to trojan me:
sawql3hoo.com/gnkvbtenhnguhn.jar

BE CAREFUL

I've contacted Nokia, but we all know how well they listen.
 
...XSS coming FROM Nokia? I doubt it.

An injected Google search link that points to Nokia.com and escapes out using XSS or CSRF? Possibly.

Perhaps you can provide the search query you used and more information?
 
I think thenokiablog got hit too, except they got flagged by Stop Badware in Firefox. When I load the site up in IE8, an odd JavaScript box pops up with OK as the only option. I'm gunna go scan for a bit...
 
I'll take that as confirmation. For a while I was starting to think it could have been just a coincidence or something, but this could be big. I have carte blanche access to Symantec's SecurityFocus.com; I used to work for them. I'm going to run this by the guys and see what they have to say.
 
You used to work for SecurityFocus and you're worried about XSS? You should be running your browser in a sandbox, among many other things, in any case.
 
Yes, I know it's pure hubris on my part. I should know better, but as I said, nothing like this, virus or otherwise, has ever happened to me in over two decades. It's just that it caught me so off guard; my so-called experience/knowledge lulled me into complacency.

PS. This is the internet, I realize; people can claim anything, like lying about where they worked, but if anyone wants to call me on it, believe me, I can supply ample proof that I used to be on the team...the DeepSight team.
 
I'm not doubting that you worked with SecuriTeam at all. I just found it odd that one, claiming to be working in the infosec industry, apparently lacks the insight to secure themselves against simple threats, and uses terms and phrases such as "whacko website had downloaded a java file" and "tenacious biatch".

Meh, maybe I shouldn't have bought that Jump to Conclusions mat.
 
I understand your critique of my language; try to understand this is a phone board, and as such I choose to speak in lingo and terminology the non-security professionals would get. Were I writing a report to my superiors, I would certainly have used professional language and terminology.
 